import { Rule } from "./types";

export const Flake8BanditRuleList: Rule[] = [
    {
        code: "S101",
        name: "assert",
        descEn: "Use of assert detected",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S102",
        name: "exec-builtin",
        descEn: "Use of exec detected",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S103",
        name: "bad-file-permissions",
        descEn: "os.chmod setting a permissive mask {mask:#o} on file or directory",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S104",
        name: "hardcoded-bind-all-interfaces",
        descEn: "Possible binding to all interfaces",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S105",
        name: "hardcoded-password-string",
        descEn: `Possible hardcoded password: "{}"`,
        descCn: "",
        autoFix: false,
    },
    {
        code: "S106",
        name: "hardcoded-password-func-arg",
        descEn: `Possible hardcoded password: "{}"`,
        descCn: "",
        autoFix: false,
    },
    {
        code: "S107",
        name: "hardcoded-password-default",
        descEn: `Possible hardcoded password: "{}"`,
        descCn: "",
        autoFix: false,
    },
    {
        code: "S108",
        name: "hardcoded-temp-file",
        descEn: `Probable insecure usage of temporary file or directory: "{}"`,
        descCn: "",
        autoFix: false,
    },
    {
        code: "S110",
        name: "try-except-pass",
        descEn: "try-except-pass detected, consider logging the exception",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S112",
        name: "try-except-continue",
        descEn: "try-except-continue detected, consider logging the exception",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S113",
        name: "request-without-timeout",
        descEn: "Probable use of requests call with timeout set to {value}",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S301",
        name: "suspicious-pickle-usage",
        descEn: "pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S302",
        name: "suspicious-marshal-usage",
        descEn: "Deserialization with the marshal module is possibly dangerous",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S303",
        name: "suspicious-insecure-hash-usage",
        descEn: "Use of insecure MD2, MD4, MD5, or SHA1 hash function",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S304",
        name: "suspicious-insecure-cipher-usage",
        descEn: "Use of insecure cipher, replace with a known secure cipher such as AES",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S305",
        name: "suspicious-insecure-cipher-mode-usage",
        descEn: "Use of insecure cipher mode, replace with a known secure cipher such as AES	",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S306",
        name: "suspicious-mktemp-usage",
        descEn: "Use of insecure and deprecated function (mktemp)",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S307",
        name: "suspicious-eval-usage",
        descEn: "Use of possibly insecure function; consider using ast.literal_eval",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S308",
        name: "suspicious-mark-safe-usage",
        descEn: "Use of mark_safe may expose cross-site scripting vulnerabilities",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S310",
        name: "suspicious-url-open-usage",
        descEn: "Audit URL open for permitted schemes. Allowing use of file: or custom schemes is often unexpected.",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S311",
        name: "suspicious-non-cryptographic-random-usage",
        descEn: "Standard pseudo-random generators are not suitable for cryptographic purposes",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S312",
        name: "suspicious-telnet-usage",
        descEn: "Telnet-related functions are being called. Telnet is considered insecure. Use SSH or some other encrypted protocol.",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S313",
        name: "suspicious-xmlc-element-tree-usage",
        descEn: "Using xml to parse untrusted data is known to be vulnerable to XML attacks; use defusedxml equivalents	",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S314",
        name: "suspicious-xml-element-tree-usage",
        descEn: "Using xml to parse untrusted data is known to be vulnerable to XML attacks; use defusedxml equivalents",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S315",
        name: "suspicious-xml-expat-reader-usage",
        descEn: "Using xml to parse untrusted data is known to be vulnerable to XML attacks; use defusedxml equivalents	",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S316",
        name: "suspicious-xml-expat-builder-usage",
        descEn: "Using xml to parse untrusted data is known to be vulnerable to XML attacks; use defusedxml equivalents	",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S317",
        name: "suspicious-xml-sax-usage",
        descEn: "Using xml to parse untrusted data is known to be vulnerable to XML attacks; use defusedxml equivalents	",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S318",
        name: "suspicious-xml-mini-dom-usage",
        descEn: "Using xml to parse untrusted data is known to be vulnerable to XML attacks; use defusedxml equivalents",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S319",
        name: "suspicious-xml-pull-dom-usage",
        descEn: "Using xml to parse untrusted data is known to be vulnerable to XML attacks; use defusedxml equivalents",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S320",
        name: "suspicious-xmle-tree-usage",
        descEn: "Using xml to parse untrusted data is known to be vulnerable to XML attacks; use defusedxml equivalents",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S321",
        name: "suspicious-ftp-lib-usage",
        descEn: "FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S323",
        name: "suspicious-unverified-context-usage",
        descEn: "Python allows using an insecure context via the _create_unverified_context that reverts to the previous behavior that does not validate certificates or perform hostname checks.",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S324",
        name: "hashlib-insecure-hash-function",
        descEn: "Probable use of insecure hash functions in hashlib: {string}",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S501",
        name: "request-with-no-cert-validation",
        descEn: "Probable use of {string} call with verify=False disabling SSL certificate checks",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S506",
        name: "unsafe-yaml-load",
        descEn: "Probable use of unsafe loader {name} with yaml.load. Allows instantiation of arbitrary objects. Consider yaml.safe_load.",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S508",
        name: "snmp-insecure-version",
        descEn: "The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S509",
        name: "snmp-weak-cryptography",
        descEn: "You should not use SNMPv3 without encryption. noAuthNoPriv & authNoPriv is insecure.",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S602",
        name: "subprocess-popen-with-shell-equals-true",
        descEn: "subprocess call with shell=True seems safe, but may be changed in the future; consider rewriting without shell	",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S603",
        name: "subprocess-without-shell-equals-true",
        descEn: "subprocess call: check for execution of untrusted input",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S604",
        name: "call-with-shell-equals-true",
        descEn: "Function call with shell=True parameter identified, security issue	",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S605",
        name: "start-process-with-a-shell",
        descEn: "Starting a process with a shell: seems safe, but may be changed in the future; consider rewriting without shell	",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S606",
        name: "start-process-with-no-shell",
        descEn: "Starting a process without a shell",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S607",
        name: "start-process-with-partial-path",
        descEn: "Starting a process with a partial executable path",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S608",
        name: "hardcoded-sql-expression",
        descEn: "Possible SQL injection vector through string-based query construction",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S612",
        name: "logging-config-insecure-listen",
        descEn: "Use of insecure logging.config.listen detected",
        descCn: "",
        autoFix: false,
    },
    {
        code: "S701",
        name: "jinja2-autoescape-false",
        descEn: "Using jinja2 templates with autoescape=False is dangerous and can lead to XSS. Ensure autoescape=True or use the select_autoescape function.",
        descCn: "",
        autoFix: false,
    },
];